lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAKH8qBst6==Rw1mQohjNimf5QZrPJ05d+XLjqyyT1W8fENNz4w@mail.gmail.com>
Date:   Thu, 22 Dec 2022 20:06:48 -0800
From:   Stanislav Fomichev <sdf@...gle.com>
To:     Martin KaFai Lau <martin.lau@...ux.dev>
Cc:     ast@...nel.org, daniel@...earbox.net, andrii@...nel.org,
        song@...nel.org, yhs@...com, john.fastabend@...il.com,
        kpsingh@...nel.org, haoluo@...gle.com, jolsa@...nel.org,
        David Ahern <dsahern@...il.com>,
        Jakub Kicinski <kuba@...nel.org>,
        Willem de Bruijn <willemb@...gle.com>,
        Jesper Dangaard Brouer <brouer@...hat.com>,
        Anatoly Burakov <anatoly.burakov@...el.com>,
        Alexander Lobakin <alexandr.lobakin@...el.com>,
        Magnus Karlsson <magnus.karlsson@...il.com>,
        Maryam Tahhan <mtahhan@...hat.com>, xdp-hints@...-project.net,
        netdev@...r.kernel.org, bpf@...r.kernel.org
Subject: Re: [PATCH bpf-next v5 11/17] selftests/bpf: Verify xdp_metadata
 xdp->af_xdp path

On Thu, Dec 22, 2022 at 4:40 PM Martin KaFai Lau <martin.lau@...ux.dev> wrote:
>
> On 12/20/22 2:20 PM, Stanislav Fomichev wrote:
> > +static int open_xsk(const char *ifname, struct xsk *xsk)
> > +{
> > +     int mmap_flags = MAP_PRIVATE | MAP_ANONYMOUS | MAP_NORESERVE;
> > +     const struct xsk_socket_config socket_config = {
> > +             .rx_size = XSK_RING_PROD__DEFAULT_NUM_DESCS,
> > +             .tx_size = XSK_RING_PROD__DEFAULT_NUM_DESCS,
> > +             .libbpf_flags = XSK_LIBBPF_FLAGS__INHIBIT_PROG_LOAD,
> > +             .xdp_flags = XDP_FLAGS,
> > +             .bind_flags = XDP_COPY,
> > +     };
> > +     const struct xsk_umem_config umem_config = {
> > +             .fill_size = XSK_RING_PROD__DEFAULT_NUM_DESCS,
> > +             .comp_size = XSK_RING_CONS__DEFAULT_NUM_DESCS,
> > +             .frame_size = XSK_UMEM__DEFAULT_FRAME_SIZE,
> > +             .flags = XDP_UMEM_UNALIGNED_CHUNK_FLAG,
> > +     };
> > +     __u32 idx;
> > +     u64 addr;
> > +     int ret;
> > +     int i;
> > +
> > +     xsk->umem_area = mmap(NULL, UMEM_SIZE, PROT_READ | PROT_WRITE, mmap_flags, -1, 0);
> > +     if (!ASSERT_NEQ(xsk->umem_area, MAP_FAILED, "mmap"))
> > +             return -1;
> > +
> > +     ret = xsk_umem__create(&xsk->umem,
> > +                            xsk->umem_area, UMEM_SIZE,
> > +                            &xsk->fill,
> > +                            &xsk->comp,
> > +                            &umem_config);
> > +     if (!ASSERT_OK(ret, "xsk_umem__create"))
> > +             return ret;
> > +
> > +     ret = xsk_socket__create(&xsk->socket, ifname, QUEUE_ID,
> > +                              xsk->umem,
> > +                              &xsk->rx,
> > +                              &xsk->tx,
> > +                              &socket_config);
> > +     if (!ASSERT_OK(ret, "xsk_socket__create"))
> > +             return ret;
> > +
> > +     /* First half of umem is for TX. This way address matches 1-to-1
> > +      * to the completion queue index.
> > +      */
> > +
> > +     for (i = 0; i < UMEM_NUM / 2; i++) {
> > +             addr = i * UMEM_FRAME_SIZE;
> > +             printf("%p: tx_desc[%d] -> %lx\n", xsk, i, addr);
>
> Do you still need this verbose printf which is in a loop?  Also, how about other
> printf in this test?

In case we'd ever need to debug this test, those printfs shouldn't
hurt, right? Or are you concerned about this test polluting the output
with something like 'test_progs -v -v' ?

> > +     }
> > +
> > +     /* Second half of umem is for RX. */
> > +
> > +     ret = xsk_ring_prod__reserve(&xsk->fill, UMEM_NUM / 2, &idx);
> > +     if (!ASSERT_EQ(UMEM_NUM / 2, ret, "xsk_ring_prod__reserve"))
> > +             return ret;
> > +     if (!ASSERT_EQ(idx, 0, "fill idx != 0"))
> > +             return -1;
> > +
> > +     for (i = 0; i < UMEM_NUM / 2; i++) {
> > +             addr = (UMEM_NUM / 2 + i) * UMEM_FRAME_SIZE;
> > +             printf("%p: rx_desc[%d] -> %lx\n", xsk, i, addr);
> > +             *xsk_ring_prod__fill_addr(&xsk->fill, i) = addr;
> > +     }
> > +     xsk_ring_prod__submit(&xsk->fill, ret);
> > +
> > +     return 0;
> > +}
> > +
>
> [ ... ]
>
> > +void test_xdp_metadata(void)
> > +{
> > +     struct xdp_metadata2 *bpf_obj2 = NULL;
> > +     struct xdp_metadata *bpf_obj = NULL;
> > +     struct bpf_program *new_prog, *prog;
> > +     struct nstoken *tok = NULL;
> > +     __u32 queue_id = QUEUE_ID;
> > +     struct bpf_map *prog_arr;
> > +     struct xsk tx_xsk = {};
> > +     struct xsk rx_xsk = {};
> > +     __u32 val, key = 0;
> > +     int retries = 10;
> > +     int rx_ifindex;
> > +     int sock_fd;
> > +     int ret;
> > +
> > +     /* Setup new networking namespace, with a veth pair. */
> > +
> > +     SYS("ip netns add xdp_metadata");
> > +     tok = open_netns("xdp_metadata");
> > +     SYS("ip link add numtxqueues 1 numrxqueues 1 " TX_NAME
> > +         " type veth peer " RX_NAME " numtxqueues 1 numrxqueues 1");
> > +     SYS("ip link set dev " TX_NAME " address 00:00:00:00:00:01");
> > +     SYS("ip link set dev " RX_NAME " address 00:00:00:00:00:02");
> > +     SYS("ip link set dev " TX_NAME " up");
> > +     SYS("ip link set dev " RX_NAME " up");
> > +     SYS("ip addr add " TX_ADDR "/" PREFIX_LEN " dev " TX_NAME);
> > +     SYS("ip addr add " RX_ADDR "/" PREFIX_LEN " dev " RX_NAME);
> > +
> > +     rx_ifindex = if_nametoindex(RX_NAME);
> > +
> > +     /* Setup separate AF_XDP for TX and RX interfaces. */
> > +
> > +     ret = open_xsk(TX_NAME, &tx_xsk);
> > +     if (!ASSERT_OK(ret, "open_xsk(TX_NAME)"))
> > +             goto out;
> > +
> > +     ret = open_xsk(RX_NAME, &rx_xsk);
> > +     if (!ASSERT_OK(ret, "open_xsk(RX_NAME)"))
> > +             goto out;
> > +
> > +     bpf_obj = xdp_metadata__open();
> > +     if (!ASSERT_OK_PTR(bpf_obj, "open skeleton"))
> > +             goto out;
> > +
> > +     prog = bpf_object__find_program_by_name(bpf_obj->obj, "rx");
> > +     bpf_program__set_ifindex(prog, rx_ifindex);
> > +     bpf_program__set_flags(prog, BPF_F_XDP_DEV_BOUND_ONLY);
> > +
> > +     if (!ASSERT_OK(xdp_metadata__load(bpf_obj), "load skeleton"))
> > +             goto out;
> > +
> > +     /* Make sure we can't add dev-bound programs to prog maps. */
> > +     prog_arr = bpf_object__find_map_by_name(bpf_obj->obj, "prog_arr");
> > +     if (!ASSERT_OK_PTR(prog_arr, "no prog_arr map"))
> > +             goto out;
> > +
> > +     val = bpf_program__fd(prog);
> > +     if (!ASSERT_ERR(bpf_map__update_elem(prog_arr, &key, sizeof(key),
> > +                                          &val, sizeof(val), BPF_ANY),
> > +                     "update prog_arr"))
> > +             goto out;
> > +
> > +     /* Attach BPF program to RX interface. */
> > +
> > +     ret = bpf_xdp_attach(rx_ifindex,
> > +                          bpf_program__fd(bpf_obj->progs.rx),
> > +                          XDP_FLAGS, NULL);
> > +     if (!ASSERT_GE(ret, 0, "bpf_xdp_attach"))
> > +             goto out;
> > +
> > +     sock_fd = xsk_socket__fd(rx_xsk.socket);
> > +     ret = bpf_map_update_elem(bpf_map__fd(bpf_obj->maps.xsk), &queue_id, &sock_fd, 0);
> > +     if (!ASSERT_GE(ret, 0, "bpf_map_update_elem"))
> > +             goto out;
> > +
> > +     /* Send packet destined to RX AF_XDP socket. */
> > +     if (!ASSERT_GE(generate_packet(&tx_xsk, AF_XDP_CONSUMER_PORT), 0,
> > +                    "generate AF_XDP_CONSUMER_PORT"))
> > +             goto out;
> > +
> > +     /* Verify AF_XDP RX packet has proper metadata. */
> > +     if (!ASSERT_GE(verify_xsk_metadata(&rx_xsk), 0,
> > +                    "verify_xsk_metadata"))
> > +             goto out;
> > +
> > +     complete_tx(&tx_xsk);
> > +
> > +     /* Make sure freplace correctly picks up original bound device
> > +      * and doesn't crash.
> > +      */
> > +
> > +     bpf_obj2 = xdp_metadata2__open();
> > +     if (!ASSERT_OK_PTR(bpf_obj2, "open skeleton"))
> > +             goto out;
> > +
> > +     new_prog = bpf_object__find_program_by_name(bpf_obj2->obj, "freplace_rx");
> > +     bpf_program__set_attach_target(new_prog, bpf_program__fd(prog), "rx");
> > +
> > +     if (!ASSERT_OK(xdp_metadata2__load(bpf_obj2), "load freplace skeleton"))
> > +             goto out;
> > +
> > +     if (!ASSERT_OK(xdp_metadata2__attach(bpf_obj2), "attach freplace"))
> > +             goto out;
> > +
> > +     /* Send packet to trigger . */
> > +     if (!ASSERT_GE(generate_packet(&tx_xsk, AF_XDP_CONSUMER_PORT), 0,
> > +                    "generate freplace packet"))
> > +             goto out;
> > +
> > +     while (!retries--) {
> > +             if (bpf_obj2->bss->called)
> > +                     break;
> > +             usleep(10);
> > +     }
> > +     ASSERT_GT(bpf_obj2->bss->called, 0, "not called");
> > +
> > +out:
> > +     close_xsk(&rx_xsk);
> > +     close_xsk(&tx_xsk);
> > +     if (bpf_obj2)
>
> nit. no need to test NULL.  xdp_metadata2__destroy() can handle it.

SG, thanks!

> > +             xdp_metadata2__destroy(bpf_obj2);
> > +     if (bpf_obj)
>
> Same here.
>
> > +             xdp_metadata__destroy(bpf_obj);
> > +     system("ip netns del xdp_metadata");
>
> didn't know netns can be deleted before close_netns(tok).  Can you double check?

Should probably work because 'ip netns del' just unlinks the netns fd?
But let's properly reoder.


> > +     if (tok)
> > +             close_netns(tok);
> > +}
>
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ